Retford Physiotherapy and Pilates Practice Limited; trading as “Pilates Clinic Retford”, “PCR Physiotherapy” and “Jo Pritchard’s Neuro Physio Practice”, is committed to protecting your personal information, and this policy relates to our use of information collected from you either in person, by letter, by email, by SMS, by telephone conversations, or by social media.
“Personal information” means any data that is capable of identifying you.
“We” means “Retford Physiotherapy and Pilates Practice Limited”
We collect and process data as we have a professional and legal requirement to do so. We ensure this information is adequate, relevant and limited to only what is necessary.
What information do we collect and when?
We collect and process data when you telephone or text the clinic to make an enquiry or appointment, when you email us or send a message on social media, or when you visit the clinic in person.
At the time of your enquiry or booking, we may ask you for:
Your date of birth
Your telephone number (landline, mobile or both)
Your email address
This will all be referred to as personal details
A brief summary of your reason for enquiring or booking an appointment may also be documented at this initial point of contact.
At your appointment at the clinic we will ask for:
Information regarding your general health, your previous health, and information regarding the condition for which you are seeking assessment, advice or treatment. We may also ask for copies of medical reports or scan results if relevant.
We will also ask for information regarding any medications you take, your employment, physical activities, hobbies and interests. We may ask for further information regarding your social history if relevant.
We will also record the findings of any physical examination, any treatment administered by us, and any advice given.
Assessment and treatment may include photographs or videos (additional consent will be sought prior to taking any images).
This will all be referred to as sensitive health related data
Payment history: details of your name, payments and methodology are recorded on paper receipts, and copies are kept for accounts and tax purposes.
How we store and use this information
Your sensitive health related data is mainly kept in paper format. You will have your own set of Physiotherapy clinical records, and these are stored at the clinic in locked cupboards or cabinets, in locked rooms, in a locked and alarmed building. At times your clinical notes may leave the building, due to a home visit for example. These notes will be stored in a locked cupboard at your Physiotherapist’s home address and returned to the clinic on their next working day.
Your personal details are also stored electronically. All documents containing personal details are password protected and stored on a password-protected computer with additional security software. Email communications are stored on the email server (third party PCI-DSS Compliant server), and at times are downloaded and stored on our main password-protected computer with additional security software. All computers with your data are kept in locked rooms in a locked and alarmed building.
Any personal or sensitive health related data stored or sent electronically (e.g. reports or invoices) will be password protected in word or PDF documents.
Your name and telephone number, and any voice messages or SMS communications, may also be stored on your Physiotherapist’s work mobile phone (specifically for work and not personal use); these are all password protected.
Photographs or Videos are recorded on a password-protected iPad; this is stored in a locked drawer in a locked room in a locked building.
Paper copies of receipts are kept in a locked cupboard at the Principal Physiotherapist’s home address. If you have paid by debit or credit card, this data will also be kept by third party “iZettle”, and if you have paid by cheque or online banking “TSB bank” will have access to data related to your payment method. Your data will also be included on our bank statements.
We use this information:
- To provide a legal record of any treatment or advice we provide.
- To ensure continuity of care.
- To contact you regarding your ongoing treatment, including sending exercise programmes by email (we use a third party for this service – Physiotec).
- To contact you if new information or treatments become available that may be of benefit to you.
- We may pass your information, with your permission, to other health professionals who may be involved in your care; this may include your GP, your consultant, your midwife, or other healthcare or social services professionals involved in your care.
- We may use your data for quality feedback purposes.
- We may use your data for audit purposes.
- If requested, we are legally bound to share your data with any lawful and / or Crown agency that requests that your data is released.
- If required, your personal data may be shared with a debt collection agency in the event of non-payment.
- Payment data is also shared with our third-party accountant “The Focus Collection” for HMRC tax returns purposes only.
- With your explicit consent, personal data is stored with a third party “mailchimp”. General emails and newsletters (including booking forms, educational or social events, the occasional special offer, and any other matters directly linked with the clinic) are shared this way.
We DO NOT pass on your data for commercial purposes
We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.
All third-party privacy policies can be viewed on their own websites.
If you attend classes at the clinic, your name and classes attended will be seen by other current clinic members on the class lists and sign-in sheets at each class. These sheets are essential as they confirm you have attended that class and act as an ongoing record of your treatment. Other members may also see your name and class on receipts distributed at class.
How long do we keep personal information for?
After your initial enquiry, your personal details are stored on paper for 3 months. If you commence treatment within this period then these details are inserted into your clinical notes. If treatment has not commenced after 3 months, these details are destroyed and you need to make a new enquiry if you wish to start Physiotherapy or Pilates at a later date.
We have a legal obligation to retain your clinical records for a minimum of 8 years after the conclusion of your treatment. This includes email communications related to your care.
If your clinical records relate to a child or young person, or include a period of intervention during pregnancy, the records must be kept until your (or your baby’s) 25th birthday or 8 years after death.
We keep a copy of your personal data electronically indefinitely. This is so we can identify when your final episode of care concluded, where your paper notes are filed, or when they were destroyed.
Unless you have given explicit consent for any Photographs to used for educational or promotional purposes, all photographs are deleted from the iPad after printing onto paper for insertion into your clinical records. Unless you have given explicit consent for them to be used for educational purposes, video clips are deleted at the end of your episode of care (a written description of the videos is included in your clinical notes).
How do we protect your information?
We have installed secure outdoor and indoor letterboxes for gathering postal communications, reports and booking forms. This is to ensure they remain private and confidential.
We take organisational and technical security measures to protect the information against unauthorised disclosure or unlawful processing.
You are entitled to a copy of the personal information we hold about you and to have any discrepancies rectified. You can do this by written request to the address at the beginning of this policy.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you (provided it is lawful for us to delete these records). You can exercise these rights at any time by writing to us at the address at the end of this document.
Disclosure of your information
We may pass information, with your permission, to other medical professionals who may be involved in your care; this may include your GP, your consultant, your midwife, or any other healthcare or social services professionals involved in your care.
This information may be passed on in the form of a written letter. If this is handed to you to pass to the relevant person, the letter and the protection of its contents becomes your responsibility. If the letter is posted by Royal Mail, the envelope will be stamped with “Private and Confidential”; it can be posted recorded delivery at your request for an additional fee.
If the information is sent electronically by email, this will be in word document or PDF format, and will be password protected. We will take all reasonable precautions to transmit the information securely. If you are sending personal or sensitive health data to us electronically, it is your responsibility to password protect the document if you wish to protect the content in this way.
We may update this policy to reflect changes to our website and customer feedback. Please regularly review this policy to keep informed of how we are protecting your personal data.
Retford Physiotherapy and Pilates Practice Limited
Dental 22 Buildings